new: [yara] Added diagnostics

2019-04-30 15:36:13 +02:00 · 2019-04-30 15:36:13 +02:00 · 8b127f8fab
parent 964a1a6609
commit 8b127f8fab
5 changed files with 49 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -48,6 +48,10 @@ tools/mkdocs
 /app/files/scripts/mixbox/
 /app/files/scripts/*.pyc
 /app/files/scripts/*.py~
+/app/files/scripts/__pycache__
+/app/files/scripts/yara/__pycache__
+/app/files/scripts/yara/*.pyc
+/app/files/scripts/yara/*.py~
 /app/files/scripts/mispzmq/*
 !/app/files/scripts/mispzmq/mispzmq.py
 !/app/files/scripts/mispzmq/mispzmqtest.py
--- a/app/Controller/ServersController.php
+++ b/app/Controller/ServersController.php
@ -878,6 +878,7 @@ class ServersController extends AppController
            $mixboxVersion = array(0 => __('Incorrect mixbox version installed, found $current, expecting $expected'), 1 => __('OK'));
            $maecVersion = array(0 => __('Incorrect maec version installed, found $current, expecting $expected'), 1 => __('OK'));
            $pymispVersion = array(0 => __('Incorrect PyMISP version installed, found $current, expecting $expected'), 1 => __('OK'));
+            $plyaraVersion = array(0 => __('Incorrect plyara version installed, found $current, expecting $expected'), 1 => __('OK'));
            $sessionErrors = array(0 => __('OK'), 1 => __('High'), 2 => __('Alternative setting used'), 3 => __('Test failed'));
            $moduleErrors = array(0 => __('OK'), 1 => __('System not enabled'), 2 => __('No modules found'));

@ -999,6 +1000,8 @@ class ServersController extends AppController
                // check if the STIX and Cybox libraries are working and the correct version using the test script stixtest.py
                $stix = $this->Server->stixDiagnostics($diagnostic_errors, $stixVersion, $cyboxVersion, $mixboxVersion, $maecVersion, $stix2Version, $pymispVersion);

+                $yaraStatus = $this->Server->yaraDiagnostics($diagnostic_errors);
+
                // if GnuPG is set up in the settings, try to encrypt a test message
                $gpgStatus = $this->Server->gpgDiagnostics($diagnostic_errors);

@ -1018,7 +1021,7 @@ class ServersController extends AppController
                $sessionStatus = $this->Server->sessionDiagnostics($diagnostic_errors, $sessionCount);
                $this->set('sessionCount', $sessionCount);

-                $additionalViewVars = array('gpgStatus', 'sessionErrors', 'proxyStatus', 'sessionStatus', 'zmqStatus', 'stixVersion', 'cyboxVersion', 'mixboxVersion', 'maecVersion', 'stix2Version', 'pymispVersion', 'moduleStatus', 'gpgErrors', 'proxyErrors', 'zmqErrors', 'stixOperational', 'stix', 'moduleErrors', 'moduleTypes');
+                $additionalViewVars = array('gpgStatus', 'sessionErrors', 'proxyStatus', 'sessionStatus', 'zmqStatus', 'stixVersion', 'cyboxVersion', 'mixboxVersion', 'maecVersion', 'stix2Version', 'pymispVersion', 'moduleStatus', 'yaraStatus', 'gpgErrors', 'proxyErrors', 'zmqErrors', 'stixOperational', 'stix', 'moduleErrors', 'moduleTypes');
            }
            // check whether the files are writeable
            $writeableDirs = $this->Server->writeableDirsDiagnostics($diagnostic_errors);
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@ -4046,6 +4046,13 @@ class Server extends AppModel
        return $readableFiles;
    }

+    public function yaraDiagnostics(&$diagnostic_errors)
+    {
+        $scriptResult = shell_exec($this->getPythonVersion() . ' ' . APP . 'files' . DS . 'scripts' . DS . 'yaratest.py');
+        $scriptResult = json_decode($scriptResult, true);
+        return array('operational' => $scriptResult['success'], 'plyara' => $scriptResult['plyara']);
+    }
+
    public function stixDiagnostics(&$diagnostic_errors, &$stixVersion, &$cyboxVersion, &$mixboxVersion, &$maecVersion, &$stix2Version, &$pymispVersion)
    {
        $result = array();
--- a/app/View/Elements/healthElements/diagnostics.ctp
+++ b/app/View/Elements/healthElements/diagnostics.ctp
@ -253,6 +253,20 @@
            }
        ?>
    </div>
+    <h3><?php echo __('Yara');?></h3>
+    <p><?php echo __('This tool tests whether plyara, the library used by the yara export tool is installed or not.');?></p>
+    <div style="background-color:#f7f7f9;width:400px;">
+        <?php
+            $colour = 'green';
+            $message = __('OK');
+            if ($yaraStatus['operational'] == 0) {
+                $colour = 'red';
+                $message = __('Invalid plyara version / plyara not installed. Please run pip3 install plyara');
+            }
+            echo __('plyara library installed') . '…<span style="color:' . $colour . ';">' . $message . '</span>';
+        ?>
+    </div>
+
    <h3><?php echo __('GnuPG');?></h3>
    <p><?php echo __('This tool tests whether your GnuPG is set up correctly or not.');?></p>
    <div style="background-color:#f7f7f9;width:400px;">
--- a/app/files/scripts/yaratest.py
+++ b/app/files/scripts/yaratest.py
@ -0,0 +1,20 @@
+#!/usr/bin/env python3
+
+import json
+import sys
+results = {
+    'success': 1,
+    'plyara': 0,
+}
+try:
+    import plyara
+    results['plyara'] = 1
+except Exception:
+    results['playara'] = 0
+    results['success'] = 0
+
+print(json.dumps({
+    'success': results['success'],
+    'plyara': results['plyara']
+}))
+sys.exit(0)